
15946 matches found

ThreatPost
added 2018/06/04 7:17 p.m., 8 views

Cloudflare Gets Transparent on DNS Resolver Outage

In a testament to transparency, Cloudflare has explained a 17-minute outage on its 1.1.1.1 resolver service last week: It was a glitch in its own systems, not a cyber-incident. The 1.1.1.1 service is a Domain Name System (DNS) resolver that matches up URLs (say, “cloudflare.com”) with their...

AI score: 0.7
Exploits: 0, References: 2
ThreatPost
added 2018/06/04 5:17 p.m., 10 views

Facebook Defends Against Device-Integrated APIs Policy, But Concerns Remain

Facebook is hitting back against a New York Times article alleging that it struck deals enabling phone-makers to access users’ personal information. The incident is yet another blow to the social media giant as it continues to deal with questions and outrage over its data privacy policies. The...

AI score: 6.5
Exploits: 0, References: 4
ThreatPost
added 2018/06/01 9:24 p.m., 12 views

Researchers Warn of Microsoft Zero-Day RCE Bug

Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript,...

AI score: 0.8
Exploits: 0, References: 2
ThreatPost
added 2018/06/01 8:47 p.m., 46 views

Browser Side-Channel Flaw De-Anonymizes Facebook Data

A side-channel vulnerability in Google Chrome and Mozilla Firefox allows drive-by de-anonymization of Facebook users. An exploit would allow an attacker to pick up the profile picture, username and the “likes” of unsuspecting visitors who find themselves landing on a malicious website – with no...

CVSS: 7.2, AI score: 0.4, EPSS: 0.41667
Exploits: 19, References: 8
ThreatPost
added 2018/06/01 7:24 p.m., 11 views

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Thousands of organizations out there are leaking some form of sensitive email, according to an analysis, thanks to a widespread misconfiguration in Google Groups. According to Kenna Security, the afflicted include Fortune 500 companies, hospitals, universities and colleges, newspapers and...

AI score: 6.8
Exploits: 0, References: 8
ThreatPost
added 2018/06/01 2:58 p.m., 17 views

Honda, Universal Music Group Expose Sensitive Data in Misconfig Blunders

Server and cloud misconfigs continue to plague companies and their customers: This week it came to light that a Universal Music Group contractor neglected to protect an Apache Airflow server, leaving data exposed; while a Honda affiliate in India left two Amazon S3 buckets misconfigured for more...

AI score: 0.2
Exploits: 0, References: 4
ThreatPost
added 2018/06/01 1:12 p.m., 12 views

Ticketfly, Major Concert Venues Still Offline After Hack

UPDATE Ticketfly and several major venues’ services are still offline Monday morning as they struggle to recover from a major hack that has brought down their websites and disrupted several public on-sale concert tickets. Ticket distribution service Ticketfly said in a statement that it has...

AI score: 0.3
Exploits: 0, References: 8
ThreatPost
added 2018/05/31 9:36 p.m., 9 views

ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS

The WHOIS internet domain directory is at the center of a GDPR-related lawsuit that should clarify at least one of the many unknowns when it comes to achieving compliance with the data-privacy regulation. The suit was filed last week by ICANN, the nonprofit body responsible for administering the...

AI score: 0.5
Exploits: 0, References: 5
ThreatPost
added 2018/05/31 8:50 p.m., 13 views

Nocturnal Stealer Lets Low-Skilled Cybercrooks Harvest Sensitive Info

The Nocturnal Stealer malware has crept into the Dark Web like a thief in the night, offering criminals a lucrative payday for a small price — and little effort. It’s a commodity malware, debuting on an underground forum in March for the low price of $25. It steals things, including 28 different...

AI score: 6.6
Exploits: 0, References: 2
ThreatPost
added 2018/05/31 7:3 p.m., 27 views

Huawei Patches Four Server Bugs Rated High Severity

Huawei Technologies warned customers of four vulnerabilities rated high that impact 20 of its server models. Patches are available for each of the bugs that range from an authentication bypass vulnerability, privilege escalation vulnerability and two JavaScript Object Notation (JSON) injection...

CVSS: 6.5, AI score: 1.2, EPSS: 0.01632
Exploits: 0, References: 8
ThreatPost
added 2018/05/31 5:44 p.m., 11 views

Podcast: How Cities Can Be Security Smart

The smart city industry is projected to be a 400 billion dollar market by 2020, as municipals look at real-world applications for transportation, waste management, and law enforcement. But with that growth comes privacy issues and security risks, Tenable CTO Renaud Deraison told Threatpost’s...

AI score: 7.4
Exploits: 0, References: 1
ThreatPost
added 2018/05/30 8:12 p.m., 37 views

Bug In Git Opens Developer Systems Up to Attack

UPDATE Git repository hosting services GitHub, GitLab and Microsoft VSTS each patched a serious vulnerability on Tuesday that could lead to arbitrary code execution when a developer uses a malicious repository. Developers behind the open-source development Git tool pushed out Git 2.17.1, addressi...

CVSS: 6.8, AI score: 8.3, EPSS: 0.49188
Exploits: 10, References: 4
ThreatPost
added 2018/05/30 8:10 p.m., 24 views

Botnet Operators Team Up To Leverage IcedID, Trickbot Trojans

The botnet operators behind two infamous banking trojans have banded together to gouge victims of cash in a tricky collaborative scheme. Flashpoint analysts, who highlighted the collaboration in a Wednesday report, said that the operators behind the IcedID and TrickBot trojans appear to be...

AI score: 0.6
Exploits: 0, References: 4
ThreatPost
added 2018/05/30 5:32 p.m., 13 views

Yahoo! Hacker Sentenced; Coke Opens Up a Can of Data Breach

Fortune 500 breaches seem to be a theme this week. As the Yahoo attacker responsible for the company’s 500 million-account data breach has been sentenced, Coca-Cola disclosed an insider stole the information of 8,000 employees. A Canadian man who pleaded guilty last year to a “hacking-for-hire”...

AI score: 0.6
Exploits: 0, References: 7
ThreatPost
added 2018/05/30 3:32 p.m., 33 views

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Google updated its Chrome browser to version 67.0.3396.62 on Tuesday patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said. Most notably to the browser update are...

CVSS: 6.8, AI score: 8.9, EPSS: 0.07666
Exploits: 3, References: 8
ThreatPost
added 2018/05/30 2:59 p.m., 11 views

Hidden Cobra Strikes Again with Custom RAT, SMB Malware

The feds are warning that the North Korean APT group known as Hidden Cobra is mounting active attacks on U.S. businesses and others globally, including organizations in the media, aerospace, financial and critical infrastructure sectors. According to a United States Computer Emergency Readiness...

AI score: 0.3
Exploits: 0, References: 9
ThreatPost
added 2018/05/29 9:15 p.m., 10 views

Fraudsters Claim To Hack Two Canadian Banks

UPDATE Two Canadian banks have reported that they may be targets of a hack, after bad actors claimed that they electronically accessed personal and account information of a combined 90,000 customers. The attackers have asked for a ransom of 1 Ripple XMR from each, which translates to around $1...

AI score: 1.1
Exploits: 0, References: 2
ThreatPost
added 2018/05/29 7:50 p.m., 10 views

SEVered Attack Extracts the Memory of AMD-Encrypted VMs

UPDATE Virtual machines that use AMD’s Secure Encrypted Virtualization (SEV), a hardware-based encryption scheme, have been found to be vulnerable to the same malicious hypervisor attacks that can affect all processors. A successful attack can extract the full contents of their main memory in...

AI score: 0.8
Exploits: 0, References: 1
ThreatPost
added 2018/05/29 6:4 p.m., 11 views

Sonic Tone Attacks Damage Hard Disk Drives, Crashes OS

Using sonic and ultrasonic soundwaves as a weapon, researchers can disrupt the read, write and storage functions of a hard disk drive (HDD). The method can also be used to crash the host operating system, and in some cases damage targeted drives. Researchers said the attack can be performed by...

AI score: 0.3
Exploits: 0, References: 2
ThreatPost
added 2018/05/29 4:22 p.m., 12 views

Google Patches reCAPTCHA Bypass

Google has fixed a bypass for its reCAPTCHA authentication mechanism – the Turing test-based methodology for proving that website users aren’t robots, commonly spotted on log-in pages online. The news comes as Google releases a new version of reCAPTCHA in beta. Google has been working on refining...

AI score: 7.4
Exploits: 0, References: 4
ThreatPost
added 2018/05/29 2:47 p.m., 10 views

Brazilian Banking Trojan Communicates Via Microsoft SQL Server

Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control (C&C) server and a full-screen social-engineering overlay form. Researchers at IBM X-Force research on Tuesday revealed that attackers are using...

AI score: 1
Exploits: 0, References: 1
ThreatPost
added 2018/05/28 3:2 p.m., 10 views

Singapore ISP Leaves 1,000 Routers Open to Attack

Southeast Asian telcom giant Singapore Telecommunications Limited left approximately 1,000 customer routers wide open to a potential attack via an unprotected port. The flub occurred after the region’s largest ISP conducted remote maintenance on affected routers and failed to secure equipment whe...

AI score: 0.3
Exploits: 0, References: 2
ThreatPost
added 2018/05/28 12:21 p.m., 151 views

Despite Ringleader’s Arrest, Cobalt Group Still Active

Evidence has surfaced that the Cobalt Group – the threat actors behind widespread attacks on banks and ATM jackpotting campaigns across Europe – is continuing to operate, despite the arrest of its accused ringleader in March. The Cobalt Group first burst on the scene in 2016: in a single night,...

CVSS: 9.3, AI score: 8.6, EPSS: 0.99945
Exploits: 50, References: 4
ThreatPost
added 2018/05/25 7:27 p.m., 14 views

Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim

The popular home automation protocol Z-Wave, used by millions of IoT devices, is vulnerable to a downgrade attack that could allow an adversary to take control of targeted devices, according to researchers. Z-Wave is a wireless protocol used by 2,400 vendors; its wireless chipsets are embedded in...

AI score: 0.4
Exploits: 0, References: 3
ThreatPost
added 2018/05/25 7:25 p.m., 27 views

Pet Trackers Open to MITM Attacks, Interception

UPDATE Family pets are near and dear to us, so smart collars and other devices for animals that track their locations are becoming popular; a world without the need for lost-pet flyers is after all a wonderful thing. The problem, according to researchers, is that these devices can leak sensitive...

Exploits: 0, References: 2
ThreatPost
added 2018/05/25 4:45 p.m., 14 views

Alexa Eavesdropping Flub Re-Sparks Voice Assistant Privacy Debate

After an Alexa-enabled Echo device recorded and shared a private conversation of its unknowing owners, the tech industry – and the public – is casting a wary eye on voice assistant privacy issues. On Thursday, news emerged that a Portland family’s Echo device had recorded a conversation of them –...

AI score: 7.2
Exploits: 0, References: 4
ThreatPost
added 2018/05/25 2:19 p.m., 15 views

Attackers Cashing In On Cryptocurrency With Increased Scams

As the popularity around cryptocurrency has continued to boom in 2018, it has also become a tempting target for cash-hungry scammers to launch “cryptocurrency giveaway scams.” Researchers at Proofpoint this week said they’ve observed a sharp rise in these scams, which target users of Ethereum and Bitcoin...

AI score: 1.1
Exploits: 0, References: 2
ThreatPost
added 2018/05/24 7:29 p.m., 19 views

What Will GDPR’s Impact Be On U.S. Consumer Privacy?

Will General Data Protection Regulation rules that go into effect on Friday impact the privacy of U.S. citizens? It depends who you ask, but the odds-on-favorite answer is “not by much.” The Facebook Cambridge Analytica scandal in March led to a firehose of rebuke against social media platforms,...

AI score: 0.1
Exploits: 0, References: 3
ThreatPost
added 2018/05/24 3:18 p.m., 48 views

Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4

Spectre and Meltdown fixes for Intel chips announced in March, to be embedded into new CPUs, do not address the newly disclosed Variant 4, sources said. Intel introduced hardware-based safeguards to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry...

CVSS: 4.9, AI score: 6.6, EPSS: 0.60631
Exploits: 2, References: 5
ThreatPost
added 2018/05/24 12:46 p.m., 11 views

Amazon Comes Under Fire for Facial Recognition Platform

Facial-recognition technology has long been touted as a useful tool for law enforcement, but the ability of systems like Amazon’s Rekognition platform to identify large numbers of people at once in a single video or still frame has raised the hackles of privacy advocates. The American Civil...

AI score: 6.8
Exploits: 0, References: 9
ThreatPost
added 2018/05/23 7:28 p.m., 20 views

Schneider Electric Patches XML Vulnerability In Software

Schneider Electric on Tuesday issued fixes for a vulnerability in its SoMachine Basic software, which could result in the disclosure and retrieval of arbitrary data. The software in question is used to develop code for programmable logic controllers. Attackers can leverage a vulnerability within...

CVSS: 5, AI score: 1.5, EPSS: 0.0156
Exploits: 0, References: 3
ThreatPost
added 2018/05/23 7:20 p.m., 8 views

James Comey: FBI Faces Deep Tech-Related Questions

LAS VEGAS – The American law enforcement system is facing a crisis of identity in the face of technology advancement, with cloud migration and automated systems, data privacy and encryption all remaining central issues for the FBI as it considers its mandate and role in the modern digital age...

AI score: 6.9
Exploits: 0, References: 3
ThreatPost
added 2018/05/23 5:50 p.m., 8 views

Ahead of GDPR, Information Governance Comes into Its Own

LAS VEGAS – In sharp contrast to a year ago, a full 98 percent of US enterprises in a survey from the Information Governance Institute have embarked on information governance (IG) projects. That’s dramatically up to say the least: Just 10 percent last year had projects in place. Why the staggering...

AI score: 0.2
Exploits: 0, References: 4
ThreatPost
added 2018/05/23 4:48 p.m., 11 views

VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Malware called VPNFilter has infected 500,000 routers from brands including Linksys, MikroTik, NETGEAR and TP-Link that are mostly used in home offices. Researchers at Cisco Talos said they decided to warn the public of the threat despite the fact the infected devices and malware are still under...

AI score: 0.7
Exploits: 0, References: 1
ThreatPost
added 2018/05/22 9:20 p.m., 14 views

Researchers Say More Spectre-Related CPU Flaws On Horizon

After another speculative execution side channel-related flaw has been disclosed in processors, security experts say that more may be on the horizon. Researchers on Monday disclosed Variant 4, a new speculative execution side channel category flaw that allows attackers to read privileged data...

AI score: 1.2
Exploits: 0, References: 4
ThreatPost
added 2018/05/22 6:23 p.m., 32 views

Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical

A pen-tester has found six vulnerabilities in Dell EMC RecoverPoint devices, including a critical remote code execution flaw that could allow total system compromise. EMC RecoverPoint is a disaster recovery tool that can be used to back up local and remote information storage, across data centers...

CVSS: 10, AI score: 9.1, EPSS: 0.43287
Exploits: 12, References: 4
ThreatPost
added 2018/05/22 4:9 p.m., 14 views

Comcast Patches Router Bug That Leaked Some Wi-Fi Passwords

Comcast patched a bug Monday that under certain conditions leaked customer SSID names and passwords of Xfinity routers. The flaw was accessible via the Comcast website used by customers to activate and manage their Xfinity router. The bug did not affect Comcast customers that used their own priva...

AI score: 0.3
Exploits: 0, References: 1
ThreatPost
added 2018/05/22 2:3 p.m., 47 views

Intel Responds to Spectre-Like Flaw In CPUs

Intel acknowledged that its processors are vulnerable to another dangerous speculative execution side channel flaw that could give attackers unauthorized read access to memory. The new vulnerability, disclosed by Google Project Zero and Microsoft’s Security Response Center, is called Variant 4, a...

CVSS: 4.9, AI score: 6.5, EPSS: 0.60631
Exploits: 2, References: 13
ThreatPost
added 2018/05/21 9:44 p.m., 12 views

Malicious PHP Script Infects 2,400 Websites in the Past Week

A botnet dubbed Brain Food is giving webmasters indigestion with related attacks that push bogus diet pills and IQ-boosting pills via web pages hosted on legitimate sites. So far, spammers have been successful, thanks to an effective Hypertext Preprocessor (PHP) script also called Brain Food that h...

AI score: 7.7
Exploits: 0, References: 2
ThreatPost
added 2018/05/21 7:30 p.m., 13 views

TeenSafe Tracking App Exposes Thousands of Private Records

Thousands of accounts for TeenSafe, which is a mobile app that parents can use to monitor what their kids are doing online, have been exposed in the latest Amazon Web Services cloud misconfiguration. According to a report from ZDNet, which verified the data breach, there were at least two servers...

AI score: 7
Exploits: 0, References: 8
ThreatPost
added 2018/05/21 6:58 p.m., 11 views

Roaming Mantis Swarms Globally, Spawning iOS Phishing, Cryptomining

The Roaming Mantis mobile banking trojan is roaming further afield than it ever has before. Recent analysis shows that the malware has rapidly evolved just in the past month. It’s now targeting Europe and the Middle East in addition to Asian countries. According to researchers, it’s following the...

AI score: 0.3
Exploits: 0, References: 4
ThreatPost
added 2018/05/21 1:1 p.m., 50 views

Wicked Botnet Uses Passel of Exploits to Target IoT

Yet another variant of the Mirai botnet has appeared on the scene, but this one has a twist: The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers. It also has ties to a web of other botnets, made for DDoS...

CVSS: 9.3, AI score: 9.8, EPSS: 0.99781
Exploits: 15, References: 7
ThreatPost
added 2018/05/18 8:23 p.m., 9 views

Hurdles Remain After Senate Votes To Restore Net Neutrality

The U.S. Senate this week gave the nod to restoring net neutrality regulations that would prevent ISPs from controlling access to certain websites. But roadblocks remain, even as the legislation is pushed on the fast track to a House vote: Bigwig ISPs, independent ISPs, small businesses, Democrat...

AI score: 0.2
Exploits: 0, References: 7
ThreatPost
added 2018/05/18 8:2 p.m., 12 views

Latin American ‘Biñeros’ Bond Over Fraudulent Purchase Scheme

A type of card-not-present fraud is spreading throughout the Latin American underground, uniting groups of malefactors in a communal effort to perpetrate it as widely and as often as possible. Cybercriminals in the region are making use of problems in the validation process for bank identificatio...

AI score: 7.2
Exploits: 0, References: 1
ThreatPost
added 2018/05/18 6:23 p.m., 14 views

Threatpost News Wrap Podcast for May 18

Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell discuss the week’s information security news, including some interesting new malware, a Linux patch that made waves, social engineering gambits and a major banking theft from the second-largest economy in Latin America...

AI score: 0.9
Exploits: 0, References: 1
ThreatPost
added 2018/05/18 2:20 p.m., 19 views

TeleGrab Malware Steals Telegram Desktop Messaging Sessions, Steam Credentials

Recently discovered malware steals cache data and secure messaging sessions from the desktop version of encrypted messaging service Telegram. The malware, dubbed TeleGrab, leverages weak default settings in the design of Telegram’s desktop version along with the desktop’s lack of support for Secr...

AI score: 0.1
Exploits: 0, References: 3
ThreatPost
added 2018/05/18 12:45 p.m., 15 views

Misconfigured Reverse Proxy Servers Spill Credentials

Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications. The proof-of-concept (PoC) attack targets major cloud...

AI score: 0.1
Exploits: 0, References: 1
ThreatPost
added 2018/05/18 12:42 p.m., 15 views

RedDawn Espionage Campaign Shows Mobile APTs on the Rise

A sophisticated and targeted mobile espionage campaign has been found targeting North Korean defectors. Mounted by a relatively new APT actor known as Sun Team, the offensive used Google Play and Facebook as attack vectors; and overall, it shows how quickly the mobile threat landscape is evolving...

AI score: 0.1
Exploits: 0, References: 2
ThreatPost
added 2018/05/17 7:48 p.m., 9 views

Fake Fortnite Apps for Android Spread Spyware, Cryptominers

An array of malicious Android apps purporting to be the popular game known as Fortnite are accessing cameras, harvesting and wiping device data, and recording audio on victims’ phones. Researchers at Zscaler’s ThreatLabZ said that bad actors are taking advantage of Fortnite owner Epic Games’s...

AI score: 7.1
Exploits: 0, References: 4
ThreatPost
added 2018/05/17 7:43 p.m., 14 views

‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies

A team of academic researchers has tested the phonetic wherewithal of smart-home assistants Amazon Alexa and Google Home, finding it possible to closely mimic legitimate voice commands in order to carry out nefarious actions. The researchers, a composite team from Indiana University in Bloomingto...

AI score: 0.7
Exploits: 0, References: 5
Total number of security vulnerabilities: 15946